[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux firewall question.

	Henry Hollenberg     speed@barney.iamerica.net 

On Fri, 6 Mar 1998, Bernd Eckenfels wrote:

> > Speed:
> > The leaner the kernel is as far as the firewall is concerned, the
> > quicker it is able to handle packet forwarding/etc. 
> A modularized kernel can be leaner, since it doesnt require compiles all the
> time to get rid of unwanted parts.

> > Security:
> > Having module support on a firewall machine  invites the possibility
> > that one of the modules can be compromised through a trojan.
> This is also true for /sbin/init. I think the firewall has to be designed to
> be immutable/secure after a reboot (i.E. boot from read-only media) or/and
> do some checksums.

Not sure I follow the /sbin/init exploit, could you elaborate?

The systems I've just got in have (2) 2 gig SCSI disks apiece and the
third has so many SCSI disk in it I've lost count....(2) 1 gigs, a 2 gig
and a 4 gig I think.  Anyway this halving of my disk space was intentional
so I could do read only boot disks.

In fact I guess that's another part of this project...figuring out which
parts of the file system can go on the read only disk and which parts need
to go on a writable disk....Bernd are you game?

With CD-recordables around $400 and dropping vs $130 for a nice SCSI plain
CD-ROM putting the bootable parts on CD is a thought as well....Bernd?


E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  E-mail to listmaster@debian.org .

Reply to: